Alexander Ermolov

Slides and demos for our @REverseConf talk by @francesco_ev and @xorpse are up! If you missed the conference, now's you're opportunity to take a look at the talk content and demos. Slides & demos: github.com/binarly-io/Res… VulHunt framework: vulhunt.re

Vulhunt is now open-source, this is a game changer: github.com/vulhunt-re/vul… @binarly_io @vulhuntdev

We @binarly_io just open-sourced our VulHunt framework at @REverseConf! GitHub: github.com/vulhunt-re/vul… Documentation: vulhunt.re/docs Slack: join.slack.com/t/vulhunt/shar… vulhunt.re

I'm pleased to announce a new release of the Rust bindings for @HexRaysSA IDA SDK! This release includes v9.3 compatibility. Code: git.idalib.rs Docs: docs.idalib.rs Thank you to @yeggorv who contributed to this release, and to @HexRaysSA for their support.

Published my OFFZONE 2025 presentation slides (in Russian) on GitHub: github.com/NikolajSchlej/… Had a great time at the conf, kudos to Bi.Zone and other sponsors and crew members for organizing and running it.

🔍 Full paper: 📄 syssec.kaist.ac.kr/pub/2025/LLFuz… 💻 github.com/SysSec-KAIST/L… (coming soon) 📢 USENIX Security 2025 Authors: @hdtuanss , @ohtaekk_ , @cheoljun_p, @insu_yun , @yongdaek #LLFuzz #BasebandSecurity #Fuzzing #CyberSecurity #USENIXSecurity

ZeroNights CFP is open 🔥 Long time no see. ZN will take place on Nov 26, 2025 zeronights.ru The program committee is accepting talks in Offensive and SecOps tracks, rewarding exclusive in-person presentations Submit cfp.zeronights.ru/zeronights-202… @cfptime

Published the third part of my blog series about Hydroph0bia (CVE-2025-4275) vulnerability, this one is about the fix as Insyde applied it, and my thoughts on improvements for it. coderush.me/hydroph0bia-pa…

Preliminary analysis shows that Insyde fixed Hydroph0bia (CVE-2025-4275) by forcefully removing the NVRAM vars that lead to exploitation during SecureFlashDxe driver startup, and setting a restrictive variable policy for them, so such vars can't be set from the OS anymore.

Published, go check it out, it is a fun ride indeed: coderush.me/hydroph0bia-pa… Part 3 will be done when I see how Insyde fixed the vulnerability and if we could do something about that fix.

🚨Binarly is documenting the discovery of CVE-2025-3052, a memory-corruption flaw in a Microsoft-signed UEFI module that lets attackers bypass Secure Boot and run unsigned code before the OS starts. 🔗 Full details: binarly.io/blog/another-c… 🛡️ Advisory: binarly.io/advisories/brl…

The embargo (12:00 UTC 2025-06-10) is over, let's start a thread on Hydroph0bia (CVE-2025-4275), a trivial SecureBoot and FW updater signature bypass in almost any Insyde H2O-based UEFI firmware used since 2012 and still in use today. English writeup: coderush.me/hydroph0bia-pa…

Together with @AlexTereshkin we managed to summarize NVIDIA Offensive Security Research (OSR) work on breaking BMC (reference to our DefCon talk youtube.com/watch?v=dbJQIQ…). This blog post also includes a link to the full paper.

If for some reason #semgrep doesn’t fit your use case, here’s a port of my C vulnerability research ruleset to #weggli: github.com/0xdea/weggli-p… Read the linked blog post and check it out!

We're are happy to announce a new release of our #Rust bindings for @HexRaysSA idalib. What's new: - New APIs for working with IDBs, segments, and more - Rust 2024 support - New homepage: idalib.rs H/T to our contributors @yeggorv & @0xdea github.com/binarly-io/ida…

Gave a talk on external fuzzing of Linux kernel USB drivers with syzkaller at SAFACon by @SAFATeamGmbH. Includes a demonstration of how to rediscover CVE-2024-53104, an out-of-bounds bug in the USB Video Class driver. Slides: docs.google.com/presentation/d…

UEFITool / UEFIExtract / UEFIFind NE A71 - added Kaitai-based parser for Dell DVAR varstores - added tracking of recently opened files - macOS built of UEFITool is now developer-signed - fixed a bunch of minor issues github.com/LongSoft/UEFIT…

Slides of my talk at #Zer0Con2025! ⚡️ Kernel-Hack-Drill: Environment For Developing Linux Kernel Exploits ⚡️ I presented the kernel-hack-drill open-source project and showed how it helped me to exploit CVE-2024-50264 in the Linux kernel. Enjoy! a13xp0p0v.github.io/img/Alexander_…

Apple’s Darwin OS and XNU Kernel Deep Dive tansanrao.com/blog/2025/04/x…

The new blog post on supervisor shadow stack restrictions / supervisor shadow-stack control tandasat.github.io/blog/2025/04/0…